[Git][security-tracker-team/security-tracker][master] Sync upstream tags for clickhouse CVEs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 24 20:23:44 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bb901c54 by Salvatore Bonaccorso at 2022-03-24T21:23:16+01:00
Sync upstream tags for clickhouse CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27042,14 +27042,14 @@ CVE-2021-43306
RESERVED
CVE-2021-43305 (Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...)
- clickhouse <unfixed> (bug #1008216)
- NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v22.3.2.2-lts)
- NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v22.3.2.2-lts)
+ NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
+ NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)
NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...)
- clickhouse <unfixed> (bug #1008216)
- NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v22.3.2.2-lts)
- NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v22.3.2.2-lts)
+ NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
+ NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)
NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
@@ -31240,14 +31240,14 @@ CVE-2021-42389 (Divide-by-zero in Clickhouse's Delta compression codec when pars
NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-42388 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec when par ...)
- clickhouse <unfixed> (bug #1008216)
- NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v22.3.2.2-lts)
- NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v22.3.2.2-lts)
+ NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
+ NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)
NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-42387 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec when par ...)
- clickhouse <unfixed> (bug #1008216)
- NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v22.3.2.2-lts)
- NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v22.3.2.2-lts)
+ NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
+ NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)
NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb901c54d40609e8c267537ddf431020de7527b5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb901c54d40609e8c267537ddf431020de7527b5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220324/8a86f764/attachment.htm>
More information about the debian-security-tracker-commits
mailing list